Mobile Threat Landscape: A Decade Later

We already knew that more and more people are becoming tablet and smartphone owners, but two new surveys that were released just this week reinforced that. A Google/Ipsos poll found that smartphone use was growing in all 5 surveyed countries. In the US, smartphone ownership rose from 31% to 38% of the population by September/October 2011. Over the holiday, a separate Pew poll found that ownership of eBook readers and tablets doubled.

Increasingly, threats to users are “going mobile” – and quite comfortably, it seems. The mobile threat landscape has grown exponentially ever since the first proof-of-concept Palm Trojan was found. Mobile and tablet users are now seeing the same kinds of threats seen in the PC world. Here are some scenarios that show the increasing similarities:

More than five years ago, a common tactic that cybercriminals used was getting reconfigured modems to call out to premium service and long distance numbers. Today, mobile malware frequently attempts to sign up users to premium services with regular subscription fees. Other times, it will transmit pilfered credentials and data to attackers, regardless of whether the user is on a (limited) data plan, on a potentially unsecured WiFi hotspot, or roaming with an expensive data plan.

For twenty-odd years the predominant malware threats were viruses, then it was worms, and today it's mostly one-time use Trojan downloaders. All this was just a means to an end: to keep your systems infected and compromised and prolong the threat. On mobile platforms, we already have data-stealing Trojans that are tucked away in the guise of a useful mobile app but silently record and transmit your data in the background.

Multi-staged and cross-platform threats from PC-to-mobile and back are already happening. Some variants of the ZeuS banker malware monitor your PC and online transactions; when they detect a request for secondary verification, they send a Facebook link to your mobile phone to retrieve the data and thus gain full access to your online financial records.

Almost everybody I know receives some form of email on their mobile device, which basically mirrors whatever they get on their desktop. They are therefore subject to all the same phishing and spam that one gets on the PC platform.

Exploits and threats such as man-in-the-middle attacks and broken SSL connections are things one hears about on PCs. However, today’s smartphones run more than ten times faster than PCs did in the 1980s. Together with the smaller screens and the lack of full-fledged tools to investigate things that are running in the background, this means that mobile/tablet users will be even less aware that they are under attack or are victims.

These same devices are being brought into companies and are increasingly adopted under BYOD (bring-your-own-device) policies that increase productivity. However, many companies do not treat these “mobile PCs” with the same caution as full-fledged laptops and desktops that follow policies and guidelines.

The rash of mobile apps that monitor and steal user information, and of applications that are able to bypass even the most stringent vetting processes, is proof that the mobile threat is here and now. As technology continues to integrate and make online access ubiquitous, everyone should become more aware of safe computing guidelines no matter what platform they are on.

How can users avoid becoming the next victim? Even on mobile devices, there are anti-malware and content filtering solutions available. When partnered with some safe computing common sense, these add an extra layer of protection against many of the common threats out there. Don’t forget to update your firmware and your mobile apps as soon as updates become available. Updates aren’t just there to make things pretty; they are released as bug fixes for reported issues.

Our previous thoughts about the mobile malware threat may be found in the following posts:
